Block WAN Access to/from Specific Interface via iptables

swampgator352
DD-WRT Novice


Joined: 28 Oct 2023
Posts: 17

PostPosted: Sat Mar 16, 2024 18:54    Post subject: Block WAN Access to/from Specific Interface via iptables
Router Model: TP-Link ARCHER-C7 v5
Firmware Version: DD-WRT v3.0-r54569 (12/21/23)

I am trying to build an additional iptables rule to supplement ho1Aetoo's very helpful Quick Start Guide. Specifically, I am working within the framework shown in the last example titled "allow management access from br0 to br1+br2 - long version".

I want to block WAN access to/from devices on br2. Would these two rules accomplish this?


Code:
iptables -I OUTPUT -i br2 -j logdrop

Code:
iptables -I FORWARD -o br2 -j logdrop


Are there other rules I should consider adding? I don't need to access my network externally, host any services, etc. Just want to allow typical web browsing, streaming, etc. on br0 and br1.

I am trying to get all my ducks in a row before setting my ISP provided gateway into bridge mode to minimize impact on the people in my household using our current setup (who see no reason to change anything). Many thanks for any advice/suggestions at this stage!
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 3006
Location: Germany

PostPosted: Sat Mar 16, 2024 19:42    Post subject:
You can switch off Masquerade / NAT on the interface, which should also block WAN access.

The following firewall rule should also work:

Code:
iptables -I FORWARD -i br2 -o vlan2 -m state --state NEW -j REJECT

_________________
Quickstart guides:
use Pi-Hole as simple DNS-Server with DD-WRT
VLAN configuration via GUI - 1 CPU port
VLAN configuration via GUI - 2 CPU ports (R7800, EA8500 etc)

Routers
Marvell OCTEON TX2 - QHora-322 - OpenWrt 23.05.3 - Gateway
Qualcomm IPQ8065 - R7800 - DD-WRT - WAP
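As an added worked example (not code from either post above), the following DD-WRT firewall script turns ho1Aetoo's one-liner into something that can be pasted into Administration > Commands > Save Firewall. It uses the FORWARD chain because traffic from br2 clients to the Internet is routed through the router, not generated by it; the OUTPUT chain only sees the router's own packets and never matches forwarded LAN traffic. Two assumptions are made and labelled in the code: the WAN interface name is read from `nvram get wan_iface` with vlan2 (the interface named in the reply) as the fallback, and the running iptables supports `-C` for duplicate checks. The `IPT` override and the `nvram` guard exist only so the script can be dry-run off the router.

```shell
#!/bin/sh
# Added example (not from the thread): cut off WAN access for one LAN bridge
# on DD-WRT. Paste into Administration > Commands > Save Firewall.
# Assumptions: the bridge is br2; the WAN interface is whatever
# `nvram get wan_iface` reports (vlan2, named in the thread, is the fallback);
# the router's iptables supports -C. Adjust to your own VLAN layout.

# Wrapper so dry runs can point IPT at a stand-in instead of the real binary.
ipt() { "${IPT:-iptables}" "$@"; }

# WAN interface name: from nvram on the router, vlan2 when nvram is absent.
wan_iface() {
    if command -v nvram >/dev/null 2>&1; then
        nvram get wan_iface
    else
        echo vlan2
    fi
}

# Is an identical rule already in the chain? (relies on iptables -C)
has_rule() { ipt -C "$@" 2>/dev/null; }

# Insert at the top of the chain, but only once: DD-WRT re-runs the firewall
# script on every WAN (re)connect, and duplicated rules make later debugging
# painful. -I puts the rule ahead of the stock "br0 -> WAN ACCEPT" rules.
add_rule() {
    has_rule "$@" || ipt -I "$@"
}

# Block both directions between a LAN bridge ($1) and the WAN:
#  - NEW connections from the bridge toward WAN are rejected, so clients
#    fail fast instead of hanging on a silent drop;
#  - anything arriving from WAN for that bridge is dropped, which also
#    defeats any port forward or UPnP mapping that points at it.
# Flows already tracked by conntrack keep working until they expire; flush
# conntrack if the cut-off has to be immediate.
block_lan_to_wan() {
    wan=${WAN_IF:-$(wan_iface)}
    add_rule FORWARD -i "$1" -o "$wan" -m state --state NEW -j REJECT
    add_rule FORWARD -i "$wan" -o "$1" -j DROP
}

# Only touch the live firewall on the router itself (nvram present).
if command -v nvram >/dev/null 2>&1; then
    block_lan_to_wan br2
fi
```

Because the rule matches `--state NEW`, DNS and DHCP that br2 clients get from the router itself are unaffected (those hit the INPUT chain, not FORWARD), so devices on br2 still work locally; they just cannot open anything toward the Internet. Verify with `iptables -L FORWARD -v -n --line-numbers` that the two br2 rules sit above the default ACCEPT rules, and test from a br2 client with `curl -m 5 https://example.com`, which should fail immediately with a connection refused or unreachable error rather than time out.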